about EAP using 1.1.7 and 2.0.3

Ryan Setiawan H ryan.setiawan at banknisp.com
Wed Jul 9 05:08:16 CEST 2008


Ryan Setiawan H wrote:
> >  Use 2.0.5.  Or, install raddb/sites-available/inner-tunnel from the
> >source tree.
> >
> >  Alan DeKok.
> >
>   
Hi Alan,
    Thanks for the reply. I've updated to FreeRADIUS 2.0.5, but it still
didn't show a result; the debug is still the same.
Here is the debug:

rad_recv: Access-Request packet from host 192.168.12.130 port 1024, id=27, length=213
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.12.130
        NAS-Identifier = "ProCurve Switch 2650"
        User-Name = "testing"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 1
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "1"
        Called-Station-Id = "00-1c-2e-73-85-00"
        Calling-Station-Id = "00-0a-e4-13-b8-87"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        EAP-Message = 0x0261000c0174657374696e67
        Message-Authenticator = 0xf267668d55a632d7f6ff3b2b94735eca
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 97 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry testing at line 61
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 27 to 192.168.12.130 port 1024
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 1
        NAS-Port-Type = Ethernet
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "101"
        EAP-Message = 0x016200160410706dc9d0aeae1c2c1fe2d41a5f8cc84a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xba2a19f0ba481d03bf0d1926ffd8f60a
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.12.130 port 1024, id=27, length=213
Sending duplicate reply to client local port 1024 - ID: 27
Sending Access-Challenge of id 27 to 192.168.12.130 port 1024
Cleaning up request 0 ID 27 with timestamp +164
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.12.130 port 1024, id=27, length=213
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.12.130
        NAS-Identifier = "ProCurve Switch 2650"
        User-Name = "testing"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 1
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "1"
        Called-Station-Id = "00-1c-2e-73-85-00"
        Calling-Station-Id = "00-0a-e4-13-b8-87"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        EAP-Message = 0x0261000c0174657374696e67
        Message-Authenticator =
-------------------------------------------------------------------
I'm not sure it will help, but I include the configure warnings for 2.0.5:

config.status: WARNING:  ./Make.inc.in seems to ignore the --datarootdir setting
config.status: WARNING:  ./src/include/build-radpaths-h.in seems to ignore the --datarootdir setting
chmod: check-radiusd-config: No such file or directory
configure: WARNING: silently not building rlm_eap_ikev2.
configure: WARNING: FAILURE: rlm_eap_ikev2 requires:  libeap-ikev2 EAPIKEv2/connector.h.
configure: WARNING: the TNCS library isn't found!
configure: WARNING: silently not building rlm_eap_tnc.
configure: WARNING: FAILURE: rlm_eap_tnc requires:  -lTNCS.
configure: WARNING: silently not building rlm_krb5.
configure: WARNING: FAILURE: rlm_krb5 requires:  krb5.
configure: WARNING: silently not building rlm_sql_iodbc.
configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h.
configure: WARNING: silently not building rlm_sql_postgresql.
configure: WARNING: FAILURE: rlm_sql_postgresql requires:  libpq-fe.h libpq.
configure: WARNING: oracle headers not found.  Use --with-oracle-home-dir=<path>.
configure: WARNING: silently not building rlm_sql_oracle.
configure: WARNING: FAILURE: rlm_sql_oracle requires: oci.h.
configure: WARNING: silently not building rlm_sql_unixodbc.
configure: WARNING: FAILURE: rlm_sql_unixodbc requires: libodbc sql.h.
---------------------------------------------------------------------

I'm using the default configuration, with changes only to client.conf and users.
There is a clue: when I saw the debug from 1.1.7, the second access request had a
different id, but in this debug it had the same id (that is, 27). Maybe because the
client didn't receive the challenge, it tried to retransmit.
I'm not an expert at EAP, but I think after the challenge the client should reply
with a different id... (that is what I see at 1.1.7).
Is there any configuration to be added?
Thank you

Ryan Setiawan H
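
Added example, not part of the original message or of FreeRADIUS: a small decoder for the two EAP-Message values in the debug output above, plus a check for repeated RADIUS ids from the same NAS. Decoded, the server's challenge carries EAP id 98 (0x62), while the repeated Access-Request still carries the Identity response with EAP id 97 (0x61) under RADIUS id 27. The function names are this example's own.

```python
import re

# EAP codes and a few method types from RFC 3748
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge"}

def parse_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug output."""
    raw = bytes.fromhex(hex_value.removeprefix("0x"))
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:      # Request/Response carry a type octet
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

# \s* after the comma tolerates the mail-wrapped form "port 1024, \nid=27"
RECV = re.compile(r"rad_recv: \S+ packet from host (\S+) port (\d+),\s*id=(\d+)")

def find_retransmits(log_text):
    """Return (host, port, radius_id) keys that were received more than once."""
    seen, repeats = set(), []
    for m in RECV.finditer(log_text):
        key = (m.group(1), int(m.group(2)), int(m.group(3)))
        if key in seen and key not in repeats:
            repeats.append(key)
        seen.add(key)
    return repeats

# Lines copied from the debug output in this message (attribute lists omitted)
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.12.130 port 1024,
id=27, length=213
Sending Access-Challenge of id 27 to 192.168.12.130 port 1024
rad_recv: Access-Request packet from host 192.168.12.130 port 1024, id=27, length=213
Sending duplicate reply to client local port 1024 - ID: 27
rad_recv: Access-Request packet from host 192.168.12.130 port 1024, id=27, length=213
"""
RESPONSE = "0x0261000c0174657374696e67"
CHALLENGE = "0x016200160410706dc9d0aeae1c2c1fe2d41a5f8cc84a"

if __name__ == "__main__":
    print("client sent :", parse_eap(RESPONSE))
    print("server sent :", parse_eap(CHALLENGE))
    print("retransmits :", find_retransmits(SAMPLE_LOG))
```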

